Hi Pablo,

On Fri, 16 Nov 2012, Pablo Neira Ayuso wrote:

> > Currently I'm trying to find a way to purge just the entries which are
> > affected by the routing change (for example when there are multiple VPN
> > tunnels). However that requires a new conntrack extension and it's
> > nontrivial (at least for me) to figure out the required data from struct
> > fib_info.
> >
> > If the conntrack extension is used then of course the status bit is not
> > required.
>
> We can register now variable length conntrack extensions. I think we
> can use that feature to extend nf_conn_nat to allocate extra
> information for all working modes of MASQUERADE. It may require
> changing the nf_nat_setup_info interface to pass some new flags.
>
> Regarding the variable length conntrack extensions, please check
> nf_ct_ext_add_length in net/netfilter/nf_conntrack_helper.c for
> instance.

I realized that there's no point to store the extra information in an
extension: changing for example the weight of another routing rule may
affect the conntrack entry. So we have to recheck the routing. Sigh.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary